How to generate a csr for IBM HTTP Server

How do I generate a csr for IBM HTTP Server


NOTE:A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.

To generate the key and CSR for IBM HTTP server through IKEYMAN please follow the instructions below:

A Key Database File(.kdb) using IKEYMAN needs to be generated. Please follow these steps:

  1. Open the IKEYMAN Utility (From Windows NT click Start -> Programs -> IBM HTTP Server -> Start Key Management Utility
  2. From the Menu Bar select "Key Database File"
  3. Click on NEW
  4. File Name = (The name you want to give the new Key Database file you are creating)
  5. Location = (the location on the harddrive you wish to store the .kdb file)
    NOTE: On NT this is usually the /IBM Http Server/ssl directory
  6. After Saving the file to the location specified you will be prompted to enter a password
    NOTE: This is the password that will be used to open the .kdb file in IKEYMAN in the future
  7. Make sure to click the box that states "stash the password to a file?"
    NOTE: This will encrypt the password and save the file as a .sth file in the same directory as the .kdb file.
  8. Once you click OK, you are done.

Generating the CSR

  1. Open the Key Database File(.kdb) using the IKEYMAN utility
  2. In the middle of the IKEYMAN GUI you will see a section called "Key database content"
  3. Click on the "down arrow" to the right to display a list of three choices
  4. Select "Personal Certificate Requests"
  5. Key Label = (The name you want to give the certificate to identify it in IKEYMAN)
    NOTE: Using the SiteName (example: as the label is a good practice
  6. Key Size = (1024 for 128bit, 512 for 56bit)
  7. Common Name = (SiteName, example:
    NOTE: This is the name that the Thawte will register, so it is important it matches the actual Site Name
  8. Organization = (Company Name)
  9. "Enter the name of a file in which to store the certificate request"

    NOTE: This is the file (.arm) that will contain your request. It is a simple text file that can be opened in any text editor. The information contained in this file is what Thawte needs you to provide us.
    *Saving this file (.arm) in the same directory as the .kdb file is recommended.

  10. Once you save the file (.arm) you are done with creating the request.

For more information please refer to this IBM technical support link: 

For more information on using the Ikeyman please referr to this:

Was this answer helpful? 0 Users Found This Useful (0 Votes)